Compositional CompCert

Gordon Stewart; Lennart Beringer; Santiago Cuellar; Andrew W. Appel

doi:10.1145/2676726.2676985

Compositional CompCert

Gordon Stewart, Lennart Beringer, Santiago Cuellar, Andrew W. Appel

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

This paper reports on the development of Compositional Comp-Cert, the first verified separate compiler for C. Specifying and proving separate compilation for C is made challenging by the coincidence of: compiler optimizations, such as register spilling, that introduce compiler-managed (private) memory regions into function stack frames, and C's stack-allocated addressable local variables, which may leak portions of stack frames to other modules when their addresses are passed as arguments to external function calls. The CompCert compiler, as built/proved by Leroy et al. 2006-2014, has proofs of correctness for whole programs, but its simulation relations are too weak to specify or prove separately compiled modules. Our technical contributions that make Compositional CompCert possible include: language-independent linking, a new operational model of multilanguage linking that supports strong semantic contextual equivalences; and structured simulations, a refinement of Beringer et al.'s logical simulation relations that enables expressive module-local invariants on the state communicated between compilation units at runtime. All the results in the paper have been formalized in Coq and are available for download together with the Compositional CompCert compiler.

Original language	English (US)
Pages (from-to)	275-287
Number of pages	13
Journal	ACM SIGPLAN Notices
Volume	50
Issue number	1
DOIs	https://doi.org/10.1145/2676726.2676985
State	Published - Jan 2015

All Science Journal Classification (ASJC) codes

Computer Science(all)

Keywords

CompCert
Compiler correctness

Access to Document

10.1145/2676726.2676985

Fingerprint Dive into the research topics of 'Compositional CompCert'. Together they form a unique fingerprint.

Cite this

@article{9d1a9468b26542c89f33020cef7f93f3,

title = "Compositional CompCert",

abstract = "This paper reports on the development of Compositional Comp-Cert, the first verified separate compiler for C. Specifying and proving separate compilation for C is made challenging by the coincidence of: compiler optimizations, such as register spilling, that introduce compiler-managed (private) memory regions into function stack frames, and C's stack-allocated addressable local variables, which may leak portions of stack frames to other modules when their addresses are passed as arguments to external function calls. The CompCert compiler, as built/proved by Leroy et al. 2006-2014, has proofs of correctness for whole programs, but its simulation relations are too weak to specify or prove separately compiled modules. Our technical contributions that make Compositional CompCert possible include: language-independent linking, a new operational model of multilanguage linking that supports strong semantic contextual equivalences; and structured simulations, a refinement of Beringer et al.'s logical simulation relations that enables expressive module-local invariants on the state communicated between compilation units at runtime. All the results in the paper have been formalized in Coq and are available for download together with the Compositional CompCert compiler.",

keywords = "CompCert, Compiler correctness",

author = "Gordon Stewart and Lennart Beringer and Santiago Cuellar and Appel, {Andrew W.}",

year = "2015",

month = jan,

doi = "10.1145/2676726.2676985",

language = "English (US)",

volume = "50",

pages = "275--287",

journal = "ACM SIGPLAN Notices",

issn = "1523-2867",

publisher = "Association for Computing Machinery (ACM)",

number = "1",

}

TY - JOUR

T1 - Compositional CompCert

AU - Stewart, Gordon

AU - Beringer, Lennart

AU - Cuellar, Santiago

AU - Appel, Andrew W.

PY - 2015/1

Y1 - 2015/1

N2 - This paper reports on the development of Compositional Comp-Cert, the first verified separate compiler for C. Specifying and proving separate compilation for C is made challenging by the coincidence of: compiler optimizations, such as register spilling, that introduce compiler-managed (private) memory regions into function stack frames, and C's stack-allocated addressable local variables, which may leak portions of stack frames to other modules when their addresses are passed as arguments to external function calls. The CompCert compiler, as built/proved by Leroy et al. 2006-2014, has proofs of correctness for whole programs, but its simulation relations are too weak to specify or prove separately compiled modules. Our technical contributions that make Compositional CompCert possible include: language-independent linking, a new operational model of multilanguage linking that supports strong semantic contextual equivalences; and structured simulations, a refinement of Beringer et al.'s logical simulation relations that enables expressive module-local invariants on the state communicated between compilation units at runtime. All the results in the paper have been formalized in Coq and are available for download together with the Compositional CompCert compiler.

AB - This paper reports on the development of Compositional Comp-Cert, the first verified separate compiler for C. Specifying and proving separate compilation for C is made challenging by the coincidence of: compiler optimizations, such as register spilling, that introduce compiler-managed (private) memory regions into function stack frames, and C's stack-allocated addressable local variables, which may leak portions of stack frames to other modules when their addresses are passed as arguments to external function calls. The CompCert compiler, as built/proved by Leroy et al. 2006-2014, has proofs of correctness for whole programs, but its simulation relations are too weak to specify or prove separately compiled modules. Our technical contributions that make Compositional CompCert possible include: language-independent linking, a new operational model of multilanguage linking that supports strong semantic contextual equivalences; and structured simulations, a refinement of Beringer et al.'s logical simulation relations that enables expressive module-local invariants on the state communicated between compilation units at runtime. All the results in the paper have been formalized in Coq and are available for download together with the Compositional CompCert compiler.

KW - CompCert

KW - Compiler correctness

UR - http://www.scopus.com/inward/record.url?scp=84950321922&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84950321922&partnerID=8YFLogxK

U2 - 10.1145/2676726.2676985

DO - 10.1145/2676726.2676985

M3 - Article

AN - SCOPUS:84950321922

VL - 50

SP - 275

EP - 287

JO - ACM SIGPLAN Notices

JF - ACM SIGPLAN Notices

SN - 1523-2867

IS - 1

ER -